Whose Responsibility Is Privacy?

December 22, 2009

The one thing that Facebook has consistently pissed users off about over the years is Privacy. The Electronic Privacy Information Center (EPIC) filed a 29-page complaint with the Federal Trade Commission (FTC), claiming that Facebook mislead its users with the recent updates to privacy. The complaint pretty much says that the changes are confusing to users so instead of keeping their information safe users end up losing jobs, being embarrassed etc…  While the social media giant has made some tremendous screw ups in the past in the realm of privacy, I think it’s about time we cut Facebook some slack (just a little though…)

I read through the complaint which pretty much goes over the history of Facebook’s Privacy changes pretty accurately (albeit with a pretty heavy bias). I encourage you to read it on your own. I’m going to skip going over all of that and skip right down to the basis on which EPIC is filing this complaint (towards the bottom of page 23):

98. Facebook is engaging in unfair and deceptive acts and practices. Such practices are prohibited by the FTC Act, and the Commission is empowered to enforce the Act’s prohibitions. These powers are described in FTC Policy Statements on Deception and Unfairness.

99. A trade practice is unfair if it “causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”

One of the major complaints has been that Facebook’s new privacy settings reveal too much of a user’s personal information without giving them adequate controls to effectively manage the security of their personal information.  This is one point that I have to immediately disagree with. Facebook has always given some very granular controls on who can access every piece of information that you post. In fact, it gives you the ability to set specific settings for specific friends that you have… So if you want to allow your college friends to see certain pictures, but not your boss, you can do that. The argument has been made that these settings are too confusing or too hard for users to find or modify… To that I say: No, not really… And if they are then too bad.

Alright, that may have been a little bit harsh, but hear me out. I’ve been using Facebook for a good four years, and one of the first things I did when I started was modified my privacy settings so that I was pretty much invisible. My friends hated it because they couldn’t find me easily, and if they some how could they couldn’t even add me as a friend let alone see any of my information. This also meant that no one I didn’t want to find me or see my information could either. So, to be perfectly honest, when this recent migration occurred, I was fine. The system prompted me to “share my information with everyone” or keep my old settings. I kept my old settings and I was fine.

What I’m getting at is if users are going to get on the internet and share their information with websites such as Facebook, they should understand how to control such tools. Facebook is a company. Companies exist to make money. This particular company makes money by selling information (or advertising to you). While they haven’t made the best decisions in the past in regards to privacy, they’ve done a pretty good job of giving you control of who can actually access this information. So if you want to post pictures of you getting plastered on the company dollar, or engaging in illicit activities, then it is your job to make sure you control who has access to that information. If you decide to post on a friend’s wall about some illicit activity that you engaged in, and they don’t have their information blocked, then you’re the one that’s really at fault… not Facebook.

I really do not see this complaint going to far because the amount of benefit this site provides (as many users will attest) outweighs the injuries that its users incur due to it. Additionally, the injuries are self-inflicted. The argument comes up about the API and its access… If you have your controls set right the most that the API can obtain about you is your (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages). Keep your profile picture clean. Other than that, the rest of the information is publicly available information. Any quick Google search could give me most of that and more “damaging” information.

The fact of the matter is, the responsibility of personal privacy resides with the user. If you have a problem with the way a site operates, then do not post your information on it. If you cannot read FAQs that are posted on a site that tell you how to protect your information, do not post it. Social Networking sites were not built for privacy. They were built for allowing users to network, and they do the best they can to help facilitate this… Okay, while trying to make money on the side, but can you really blame them. Here’s a thought. If you have such an issue with how Facebook handles privacy, stop using the site, and build your own that handles privacy in the most effective way.

I am not writing this because I firmly agree with all of Facebook’s privacy policies (or their others for that matter), nor do I work for Facebook, or support it 100%. I’m writing this because users need to start taking responsibility for the privacy of their own information on the internet. You can expect a bank not to release your current balance to public sources, or a hospital to not release your medical records, but when you post information on a social networking website that has specific terms and agreements about what can and cannot be done with the information you post, and how you control it, the responsibility lies with you.